Resources for the Information Security & Privacy Professional

Equifax Security Breach & Credit Freezes

By now, you’ve heard of the Equifax security breach. There’s plenty of coverage on it so I won’t go into detail here.

However, a friend asked me what I felt they should do next and I figured I’d share my recommendation (which really goes for any security breach that affects your personally identifiable information.)

We may all might was well do three things:

Go to Equifax’s website to see if we might be victims of this latest breach: https://www.equifaxsecurity2017.com. They have a handy tool for you to check if you’re part of the breach.

Sign up for the free credit monitoring that Equifax is providing (if available to you, on the same website)

Consider signing up to freeze your credit report.

Its this last one I want to discuss in more detail. The Identify Theft Resource Center has some great info on the pros and cons of credit freezes. There’s often a cost associated with freezing (and thawing) your credit report for long periods of time and sometimes you have to be a victim of ID theft to start. Worse, the rules vary state to state. But it makes me wonder why this isn’t the default setting for all consumers?

Why isn’t our credit frozen automatically and easy to thaw (by the consumer) with minimal hassle? Especially since these credit companies are collecting information about us without our explicit consent, it seems that consumers should have better defense against ID theft than simple credit monitoring, which is generally clunky and temporary. Criminals have great patience and they know the monitoring only lasts one to two years.

If thawing one’s report to sign up for new credit was easy, there’s really no reason from a consumer perspective why we wouldn’t want to enable this fundamental and powerful privacy feature.